Felten attended the California Institute of Technology and graduated with a degree in Physics in 1985. He worked as a staff programmer at Caltech from 1986 to 1989 on a parallel supercomputer project at Caltech. He then enrolled as a graduate student in Computer Science at the University of Washington. He was awarded a Master of Science degree in 1991 and a Ph.D in 1993. His Ph.D. thesis was on developing an automated protocol for communication between parallel processors.

Felten was a witness for the United States government in United States v. Microsoft, where the software company was charged with committing a variety of antitrust crimes. During the trial, Microsoft's attorneys denied that it was possible to remove the Internet Explorer web browser from a Windows 98 equipped computer without significantly impairing the operation of Windows.

Citing research he had undertaken with Christian Hicks and Peter Creath, two of his former students,[7] Felten testified that it was possible to remove Internet Explorer functionality from Windows without causing any problems with the operating system. He demonstrated his team's tool in court, showing 19 ways in which it is normally possible to access the web browser from the Windows platform that his team's tool rendered inaccessible.

Microsoft argued that Felten's changes did not truly remove Internet Explorer but only made its functionality inaccessible to the end user by removing icons, shortcuts and the iexplore.exe executable file, and making changes to the system registry. This led to a debate as to what exactly constitutes the "web browser," since much of the core functionality of Internet Explorer is stored in a shared dynamic-link library, accessible to any program running under Windows.

Microsoft also argued that Felten's tool did not even completely remove web-browsing capability from the system since it was still possible to access the web through other Windows executables besides iexplore.exe, such as the Windows help system.

As part of a contest in 2000, SDMI (Secure Digital Music Initiative) invited researchers and others to try to break the digital audiowatermark technologies that they had devised. In a series of individual challenges, the participants were given a sample audio piece, with one of the watermarks embedded. If the participants sent back the sample with the watermark removed (and with less than an acceptable amount of signal loss, though this condition was not stated by SDMI), they would win that particular challenge.

Felten was an initial participant of the contest. He chose to opt out of confidentiality agreements that would have made his team eligible for the cash prize. Despite being given very little or no information about the watermarking technologies other than the audio samples and having only three weeks to work with them, Felten and his team managed to modify the files sufficiently that SDMI's automated judging system declared the watermark removed.

SDMI did not accept that Felten had successfully broken the watermark according to the rules of the contest, noting that there was a requirement for files to lose no sound quality. SDMI claimed that the automated judging result was inconclusive, as a submission which simply wiped all the sounds off the file would have successfully removed the watermark but would not meet the quality requirement.

Felten's team developed a scientific paper explaining the methods used by his team in defeating the SDMI watermarks. Planning to present the paper at the Fourth International Information Hiding Workshop of 2001 in Pittsburgh, Felten was threatened with legal action by SDMI,[8] the Recording Industry Association of America (RIAA), and Verance Corporation, under the terms of the DMCA, on the argument that one of the technologies his team had broken was currently in use in the market. Felten withdrew the presentation from the workshop, reading a brief statement about the threats instead. SDMI and other copyright holders denied that they had ever threatened to sue Felten. However, SDMI appears to have threatened legal action when spokesman Matt Oppenheim warned Felten in a letter that "any disclosure of information gained from participating in the Public Challenge....could subject you and your research team to actions under the Digital Millennium Copyright Act.".[9]

Felten presented his paper at the USENIX security conference in 2001. The United States Department of Justice has offered Felten and other researchers assurances that the DMCA does not threaten their work and stated that the legal threats against them were invalid.

On November 15, 2005, Felten and J. Alex Halderman showed that Sony's method for removing XCP copy protection software from the computer makes it more vulnerable to attack, as it essentially installed a rootkit, in the form of an Active X control used by the uninstaller, and left it on the user's machine and set so as to allow any web page visited by the user to execute arbitrary code. Felten and Halderman described the problem in a blog post:

The consequences of the flaw are severe, it allows any Web page you visit to download, install, and run any code it likes on your computer. Any Web page can seize control of your computer; then it can do anything it likes. That's about as serious as a security flaw can get.[11]

On September 13, 2006, Felten and graduate students Ariel Feldman and Alex Halderman discovered severe security flaws in a Diebold Election Systems (now Premier Election Solutions) voting machine. Their findings claimed, "Malicious software running on a single voting machine can steal votes with little if any risk of detection. The malicious software can modify all of the records, audit logs, and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss."[12]

In early 2008, New Jersey election officials announced that they planned to send one or more Sequoia Advantage voting machines to Ed Felten and Andrew Appel (also of Princeton University) for analysis. In March 2008, Sequoia sent an e-mail to Professor Felten asserting that allowing him to examine Sequoia voting machines would violate the license agreement between Sequoia and the county which bought them, and also that Sequoia would take legal action "to stop [...] any non-compliant analysis, [...] publication of Sequoia software, its behavior, reports regarding same or any other infringement of our intellectual property."
[13]
This action sparked outrage among computer technology activists.[14][15]

After examining Sequoia's machines, Felten and Appel indeed discovered grave problems with the accuracy of the machines.[16] They also demonstrated that the machines can be hacked and compromised within minutes.[17]

Shortly after that, Sequoia's corporate Web site was hacked. The hack was first discovered by Ed Felten. Sequoia took its Web site down on 20 March and removed the "intrusive content."[18]

In February 2008, Felten and his students were part of the team that discovered the cold boot attack, which allows someone with physical access to a computer to bypass operating system protections and extract the contents of its memory.[19]